50cdd2397836d33a8dc285ed421d9b7cc69e38ba0421638235206fd466299dab[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

50cdd2397836d33a8dc285ed421d9b7cc69e38ba0421638235206fd466299dab.exe
Size

378KB
MD5

0516f5400f226df3ac36769ed8273ac8
SHA1

8117dc7922e2ef95efca381316a7267b4a9f4791
SHA256

50cdd2397836d33a8dc285ed421d9b7cc69e38ba0421638235206fd466299dab
SHA512

2e7675ceec293042d478dcde9143cdd6b0288ec85f596363956d1bc538b1c12678e6313c091b5c695c03ecf7b3deb0ec47b82a88a2311c659968bc61a179d548
SSDEEP

6144:Q6kqrRtI+0qbUsGSttxGAOwDza6t3I9TNTescIBLTyQJz0X84I7z9MH:X0qIEza6YrIs4g

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
50cdd2397836d33a8dc285ed421d9b7cc69e38ba0421638235206fd466299dab.exe

Files

50cdd2397836d33a8dc285ed421d9b7cc69e38ba0421638235206fd466299dab.exe
.dll windows:5 windows x64 arch:x64

dd827f37d7a4bd48ae5842c7bc39998e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Z:\方案四\CallDll\x64\Release\twain_64.pdb

Imports

kernel32

GetModuleHandleA
QueryPerformanceCounter
GetTickCount
QueryPerformanceFrequency
WaitForSingleObject
SetEvent
CreateEventA
GetWindowsDirectoryA
GetModuleFileNameA
GetCurrentProcess
GetStartupInfoA
GetLastError
CreateFileA
SystemTimeToTzSpecificLocalTime
GetPrivateProfileIntA
GetFileAttributesA
TerminateProcess
FileTimeToSystemTime
MultiByteToWideChar
CreateDirectoryA
GetSystemInfo
SetFileAttributesA
GetPrivateProfileStringA
GetFileTime
GetVersion
LocalFree
FreeLibraryAndExitThread
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetCurrentDirectoryW
SetCurrentDirectoryA
LoadLibraryA
GetProcAddress
GetVersionExA
lstrcpyA
CreateToolhelp32Snapshot
Process32Next
lstrcmpiA
lstrcatA
OpenProcess
Process32First
QueryDosDeviceA
lstrlenA
GetLogicalDriveStringsA
DeleteFileA
FindNextFileA
FindClose
CopyFileA
FindFirstFileA
CreateThread
CloseHandle
CreatePipe
GetSystemDirectoryA
ReadFile
CreateProcessA
Sleep
WriteFile
PeekNamedPipe
WritePrivateProfileStringA
LockResource
SizeofResource
WideCharToMultiByte
FindResourceExW
LoadResource
FindResourceW
RemoveDirectoryA
GetCurrentDirectoryA
GetFullPathNameA
GetDriveTypeW
SetEnvironmentVariableA
CompareStringW
SetEndOfFile
CreateFileW
GetExitCodeProcess
SetStdHandle
WriteConsoleW
GetStringTypeW
GetCurrentProcessId
HeapCreate
HeapSetInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameW
LoadLibraryW
GetTimeZoneInformation
SetFilePointer
GetStartupInfoW
GetFileType
GetStdHandle
SetHandleCount
FlushFileBuffers
GetConsoleMode
GetConsoleCP
LCMapStringW
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
MoveFileA
FindFirstFileExA
FileTimeToLocalFileTime
GetModuleHandleW
ExitProcess
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RtlPcToFileHeader
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsFree
SetLastError
FlsAlloc

user32

GetSystemMetrics

advapi32

ImpersonateLoggedOnUser
GetUserNameA
RevertToSelf
GetNamedSecurityInfoA
BuildExplicitAccessWithNameA
SetNamedSecurityInfoA
SetEntriesInAclA
RegCloseKey
RegEnumValueA
RegDeleteValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegQueryValueExA
RegSetValueExA
DuplicateTokenEx
CreateProcessAsUserA
CreateWellKnownSid
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
DuplicateToken
GetTokenInformation
OpenProcessToken
ControlService
OpenSCManagerA
QueryServiceStatus
StartServiceA
EnumServicesStatusExA
CloseServiceHandle
OpenServiceA
LookupAccountSidA

wtsapi32

WTSEnumerateProcessesA
WTSEnumerateSessionsA
WTSFreeMemory
WTSQueryUserToken

psapi

GetProcessImageFileNameA

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

ws2_32

gethostname
inet_ntoa
WSAStartup
gethostbyname
recv
send
accept
htons
setsockopt
sendto
socket
closesocket
listen
WSAGetLastError
bind
connect
ioctlsocket
htonl
recvfrom
ntohl
inet_addr

netapi32

NetUserEnum
NetApiBufferFree

Sections

.text
Size: 282KB - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dd827f37d7a4bd48ae5842c7bc39998e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

wtsapi32

psapi

userenv

ws2_32

netapi32

Sections

.text Size: 282KB - Virtual size: 282KB

.rdata Size: 73KB - Virtual size: 72KB

.data Size: 6KB - Virtual size: 15KB

.pdata Size: 12KB - Virtual size: 12KB

.rsrc Size: 1024B - Virtual size: 696B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 282KB - Virtual size: 282KB

.rdata
Size: 73KB - Virtual size: 72KB

.data
Size: 6KB - Virtual size: 15KB

.pdata
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 1024B - Virtual size: 696B

.reloc
Size: 2KB - Virtual size: 1KB